Slashdot Mirror


Malware Infected All Eddie Bauer Stores In US, Canada (krebsonsecurity.com)

New submitter alir1272 quotes a report from Krebs On Security: Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach. The acknowledgement comes nearly six weeks after Krebs On Security first notified the clothier about a possible intrusion at stores nationwide. "The company emphasized that this breach did not impact purchases made at the company's online store eddiebauer.com," reports Krebs On Security.

  1. during the first six months of 2016 by ddtmm · · Score: 3, Interesting

    ...credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach.

    How is it that it went undetected by credit card companies and banks for so long? Surely they should have detected a pattern. I've always wondered why credit card companies don’t seem to care about fraud. It's like they have no interest in getting to the bottom of it.

    1. Re:during the first six months of 2016 by HungryMonkey · · Score: 4, Interesting

      Six months is probably from the oldest infected file date. Given that it was at every location, there is a good chance they didn't do anything with the information obtained until it had spread across the network. And even then, they may have let it sit and gather data for a while before they sold anything, on the assumption that once they started to act it wouldn't take long to be shut down.

  2. malware, malware, everywhere malware... by Anonymous Coward · · Score: 2, Interesting

    these sorts of things simply didn't happen when the credit card machines were hooked directly up to a phone line. swipe, authorize, print, sign, done.

    the same thing COULD still be done with the "new" chip cards (chip and sign, chip and pin, or debit or gift card for that matter), if merchants and credit card companies weren't so fucking clueless.

    yes, they still make those devices, and yes, the new ones do the new cards and some can even still do dial-up.

    merchants should be 100% accountable for every single bit of stolen credit card details, because it is they who choose the less-secure pc-based credit card processing. and i'd even go one farther to say they may even be *criminally negligent* because a more secure method that does not require their own handling of credit card information has existed for *decades*